recog 2.3.18 → 2.3.19
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/cpe-remap.yaml +11 -0
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_family.txt +6 -0
- data/identifiers/hw_product.txt +59 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +1 -0
- data/identifiers/os_product.txt +25 -0
- data/identifiers/service_family.txt +3 -0
- data/identifiers/service_product.txt +27 -0
- data/identifiers/vendor.txt +33 -0
- data/lib/recog/version.rb +1 -1
- data/update_cpes.py +3 -3
- data/xml/favicons.xml +108 -0
- data/xml/ftp_banners.xml +2 -1
- data/xml/html_title.xml +156 -1
- data/xml/http_cookies.xml +85 -0
- data/xml/http_servers.xml +120 -1
- data/xml/http_wwwauth.xml +8 -0
- data/xml/mdns_device-info_txt.xml +308 -10
- data/xml/ntp_banners.xml +9 -1
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +344 -8
- data/xml/sip_user_agents.xml +317 -4
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +157 -33
- data/xml/snmp_sysdescr.xml +129 -1
- data/xml/ssh_banners.xml +118 -11
- data/xml/telnet_banners.xml +25 -1
- data/xml/tls_jarm.xml +139 -0
- data/xml/x509_issuers.xml +16 -0
- data/xml/x509_subjects.xml +72 -0
- metadata +4 -2
data/xml/ftp_banners.xml
CHANGED
@@ -360,10 +360,11 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
360
360
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-</example>
|
361
361
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-
|
362
362
|
more stuff</example>
|
363
|
-
<param pos="0" name="service.
|
363
|
+
<param pos="0" name="service.vendor" value="PureFTPd"/>
|
364
364
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
365
365
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
366
366
|
<param pos="1" name="service.version"/>
|
367
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
|
367
368
|
</fingerprint>
|
368
369
|
|
369
370
|
<fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
|
data/xml/html_title.xml
CHANGED
@@ -255,6 +255,7 @@
|
|
255
255
|
<param pos="0" name="hw.vendor" value="Philips"/>
|
256
256
|
<param pos="0" name="hw.product" value="Hue"/>
|
257
257
|
<param pos="0" name="hw.device" value="Light Bulb"/>
|
258
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
|
258
259
|
</fingerprint>
|
259
260
|
|
260
261
|
<fingerprint pattern="LANDesk\(R\) Management Agent$">
|
@@ -595,6 +596,14 @@
|
|
595
596
|
<param pos="0" name="hw.product" value="Lantick Ethernet Relay Controller"/>
|
596
597
|
</fingerprint>
|
597
598
|
|
599
|
+
<fingerprint pattern="^XYTRONIX Relay$">
|
600
|
+
<description>Xytronix Relay</description>
|
601
|
+
<example>XYTRONIX Relay</example>
|
602
|
+
<param pos="0" name="hw.vendor" value="Xytronix"/>
|
603
|
+
<param pos="0" name="hw.device" value="Relay Controller"/>
|
604
|
+
<param pos="0" name="hw.product" value="Ethernet Relay Controller"/>
|
605
|
+
</fingerprint>
|
606
|
+
|
598
607
|
<fingerprint pattern="^(myUTN(?:-[a-zA-Z0-9]+)?) Control Center$">
|
599
608
|
<description>myUTN Device Server</description>
|
600
609
|
<example hw.product="myUTN-50a">myUTN-50a Control Center</example>
|
@@ -1596,6 +1605,14 @@
|
|
1596
1605
|
<param pos="0" name="service.cpe23" value="cpe:/a:manageengine:opmanager:-"/>
|
1597
1606
|
</fingerprint>
|
1598
1607
|
|
1608
|
+
<fingerprint pattern="^ManageEngine Desktop Central 9$">
|
1609
|
+
<description>ManageEngine Desktop Central 9</description>
|
1610
|
+
<example>ManageEngine Desktop Central 9</example>
|
1611
|
+
<param pos="0" name="service.vendor" value="ManageEngine"/>
|
1612
|
+
<param pos="0" name="service.product" value="Desktop Central"/>
|
1613
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:manageengine:desktop_central:-"/>
|
1614
|
+
</fingerprint>
|
1615
|
+
|
1599
1616
|
<fingerprint pattern="^ManageEngine ADAudit Plus$">
|
1600
1617
|
<description>ManageEngineADAudit Plus</description>
|
1601
1618
|
<example>ManageEngine ADAudit Plus</example>
|
@@ -1677,6 +1694,7 @@
|
|
1677
1694
|
<param pos="0" name="service.family" value="NetScaler"/>
|
1678
1695
|
<param pos="0" name="service.device" value="Network Management Device"/>
|
1679
1696
|
<param pos="0" name="service.product" value="NetScaler Gateway"/>
|
1697
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler_gateway:-"/>
|
1680
1698
|
</fingerprint>
|
1681
1699
|
|
1682
1700
|
<fingerprint pattern="^Citrix (?:NetScaler SDX|ADC SDX)$">
|
@@ -2181,6 +2199,14 @@
|
|
2181
2199
|
<param pos="0" name="service.product" value="Kiwi Syslog"/>
|
2182
2200
|
</fingerprint>
|
2183
2201
|
|
2202
|
+
<fingerprint pattern="^SolarWinds Orion$">
|
2203
|
+
<description>SolarWinds Orion</description>
|
2204
|
+
<example>SolarWinds Orion</example>
|
2205
|
+
<param pos="0" name="service.vendor" value="SolarWinds"/>
|
2206
|
+
<param pos="0" name="service.product" value="Orion Platform"/>
|
2207
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
|
2208
|
+
</fingerprint>
|
2209
|
+
|
2184
2210
|
<fingerprint pattern="^ClickShare Configurator$">
|
2185
2211
|
<description>ClickShare Wireless Presenter</description>
|
2186
2212
|
<example>ClickShare Configurator</example>
|
@@ -2511,6 +2537,7 @@
|
|
2511
2537
|
<example>SolarWinds Virtualization Manager</example>
|
2512
2538
|
<param pos="0" name="service.vendor" value="SolarWinds"/>
|
2513
2539
|
<param pos="0" name="service.product" value="Virtualization Manager"/>
|
2540
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
|
2514
2541
|
</fingerprint>
|
2515
2542
|
|
2516
2543
|
<fingerprint pattern="^(?:Gitea: .*|LocalRepo|TurnKey Gitea)$">
|
@@ -2654,9 +2681,10 @@
|
|
2654
2681
|
<param pos="0" name="service.product" value="Security Scanner"/>
|
2655
2682
|
</fingerprint>
|
2656
2683
|
|
2657
|
-
<fingerprint pattern="^Kodi
|
2684
|
+
<fingerprint pattern="^(?:Chorus 2 - )?Kodi(?: web interface)?$">
|
2658
2685
|
<description>Kodi Media Server</description>
|
2659
2686
|
<example>Kodi</example>
|
2687
|
+
<example>Chorus 2 - Kodi web interface</example>
|
2660
2688
|
<param pos="0" name="service.vendor" value="Kodi"/>
|
2661
2689
|
<param pos="0" name="service.product" value="Media Server"/>
|
2662
2690
|
<param pos="0" name="service.cpe23" value="cpe:/a:kodi:kodi:-"/>
|
@@ -2735,4 +2763,131 @@
|
|
2735
2763
|
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
2736
2764
|
</fingerprint>
|
2737
2765
|
|
2766
|
+
<fingerprint pattern="^Jellyfin$">
|
2767
|
+
<description>Jellyfin media server</description>
|
2768
|
+
<example>Jellyfin</example>
|
2769
|
+
<param pos="0" name="service.vendor" value="Jellyfin"/>
|
2770
|
+
<param pos="0" name="service.product" value="Media Server"/>
|
2771
|
+
</fingerprint>
|
2772
|
+
|
2773
|
+
<fingerprint pattern="^proxmox - Proxmox Virtual Environment$">
|
2774
|
+
<description>Proxmox open-source virtualization platform</description>
|
2775
|
+
<example>proxmox - Proxmox Virtual Environment</example>
|
2776
|
+
<param pos="0" name="service.vendor" value="Proxmox"/>
|
2777
|
+
<param pos="0" name="service.product" value="Proxmox"/>
|
2778
|
+
<param pos="0" name="os.vendor" value="Proxmox"/>
|
2779
|
+
<param pos="0" name="os.family" value="Linux"/>
|
2780
|
+
<param pos="0" name="os.product" value="Proxmox"/>
|
2781
|
+
</fingerprint>
|
2782
|
+
|
2783
|
+
<fingerprint pattern="^Sony Network Camera$">
|
2784
|
+
<description>Sony Network Camera</description>
|
2785
|
+
<example>Sony Network Camera</example>
|
2786
|
+
<param pos="0" name="hw.vendor" value="Sony"/>
|
2787
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
2788
|
+
<param pos="0" name="hw.product" value="Network Camera"/>
|
2789
|
+
</fingerprint>
|
2790
|
+
|
2791
|
+
<fingerprint pattern="Lifesize&reg;$">
|
2792
|
+
<description>Lifesize TelePresence</description>
|
2793
|
+
<example>Lifesize&reg;</example>
|
2794
|
+
<example>400 - Bad Request Lifesize&reg;</example>
|
2795
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
2796
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
2797
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
2798
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
2799
|
+
<param pos="0" name="os.family" value="Linux"/>
|
2800
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
2801
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
2802
|
+
</fingerprint>
|
2803
|
+
|
2804
|
+
<fingerprint pattern="^AT&amp;T VPN Gateway$">
|
2805
|
+
<description>ATT VPN Gateway</description>
|
2806
|
+
<example>AT&amp;T VPN Gateway</example>
|
2807
|
+
<param pos="0" name="hw.vendor" value="ATT"/>
|
2808
|
+
<param pos="0" name="hw.device" value="VPN"/>
|
2809
|
+
<param pos="0" name="hw.product" value="VPN Gateway"/>
|
2810
|
+
</fingerprint>
|
2811
|
+
|
2812
|
+
<fingerprint pattern="^AT&amp;T U\d+: '([^']+)'$">
|
2813
|
+
<description>ATT VPN Gateway w Hostname</description>
|
2814
|
+
<example host.name="Austin-Boston">AT&amp;T U115: 'Austin-Boston'</example>
|
2815
|
+
<param pos="0" name="hw.vendor" value="ATT"/>
|
2816
|
+
<param pos="0" name="hw.device" value="VPN"/>
|
2817
|
+
<param pos="0" name="hw.product" value="VPN Gateway"/>
|
2818
|
+
<param pos="1" name="host.name"/>
|
2819
|
+
</fingerprint>
|
2820
|
+
|
2821
|
+
<fingerprint pattern="^(?:Symantec Encryption Verified Directory|Symantec Encryption Server.*)$">
|
2822
|
+
<description>Symantec PGP Key Management Server</description>
|
2823
|
+
<example>Symantec Encryption Verified Directory</example>
|
2824
|
+
<example>Symantec Encryption Server - Page Not Found</example>
|
2825
|
+
<example>Symantec Encryption Server - Login</example>
|
2826
|
+
<param pos="0" name="hw.vendor" value="Symantec"/>
|
2827
|
+
<param pos="0" name="hw.device" value="Security Appliance"/>
|
2828
|
+
<param pos="0" name="hw.product" value="Key Management Server"/>
|
2829
|
+
</fingerprint>
|
2830
|
+
|
2831
|
+
<fingerprint pattern="^Riverbed Technology, Inc\.$">
|
2832
|
+
<description>Riverbed Steelhead Appliance</description>
|
2833
|
+
<example>Riverbed Technology, Inc.</example>
|
2834
|
+
<param pos="0" name="hw.vendor" value="Riverbed"/>
|
2835
|
+
<param pos="0" name="hw.device" value="Security Appliance"/>
|
2836
|
+
<param pos="0" name="hw.product" value="Steelhead"/>
|
2837
|
+
<param pos="0" name="os.product" value="RiOS"/>
|
2838
|
+
<param pos="0" name="os.vendor" value="Riverbed"/>
|
2839
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
|
2840
|
+
</fingerprint>
|
2841
|
+
|
2842
|
+
<fingerprint pattern="^ClearPass - Aruba Networks$">
|
2843
|
+
<description>ClearPass Policy Manager Appliance</description>
|
2844
|
+
<example>ClearPass - Aruba Networks</example>
|
2845
|
+
<param pos="0" name="hw.vendor" value="Aruba Networks"/>
|
2846
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
2847
|
+
<param pos="0" name="hw.product" value="ClearPass Policy Manager"/>
|
2848
|
+
<param pos="0" name="service.vendor" value="Aruba Networks"/>
|
2849
|
+
<param pos="0" name="service.device" value="Network Appliance"/>
|
2850
|
+
<param pos="0" name="service.product" value="ClearPass Policy Manager"/>
|
2851
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:arubanetworks:clearpass_policy_manager:-"/>
|
2852
|
+
</fingerprint>
|
2853
|
+
|
2854
|
+
<fingerprint pattern="^MSTR Collab Server$">
|
2855
|
+
<description>MicroStrategy Collaboration Server</description>
|
2856
|
+
<example>MSTR Collab Server</example>
|
2857
|
+
<param pos="0" name="service.vendor" value="MicroStrategy"/>
|
2858
|
+
<param pos="0" name="service.product" value="Collaboration Server"/>
|
2859
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
2860
|
+
</fingerprint>
|
2861
|
+
|
2862
|
+
<fingerprint pattern="^Openfire Admin Console$">
|
2863
|
+
<description>Openfire Admin Console</description>
|
2864
|
+
<example>Openfire Admin Console</example>
|
2865
|
+
<param pos="0" name="service.vendor" value="Ignite Realtime"/>
|
2866
|
+
<param pos="0" name="service.product" value="OpenFire"/>
|
2867
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:igniterealtime:openfire:-"/>
|
2868
|
+
</fingerprint>
|
2869
|
+
|
2870
|
+
<fingerprint pattern="^:: PBX in a Flash">
|
2871
|
+
<description>PBX in a Flash</description>
|
2872
|
+
<example>:: PBX in a Flash, Welcome!</example>
|
2873
|
+
<param pos="0" name="hw.vendor" value="PIAF"/>
|
2874
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
2875
|
+
<param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
|
2876
|
+
</fingerprint>
|
2877
|
+
|
2878
|
+
<fingerprint pattern="^Hak5 Cloud C">
|
2879
|
+
<description>Hak5 Cloud c2</description>
|
2880
|
+
<example>Hak5 Cloud C²</example>
|
2881
|
+
<param pos="0" name="service.vendor" value="Hak5"/>
|
2882
|
+
<param pos="0" name="service.product" value="Cloud C2"/>
|
2883
|
+
</fingerprint>
|
2884
|
+
|
2885
|
+
<fingerprint pattern="^Metabase$">
|
2886
|
+
<description>Metabase</description>
|
2887
|
+
<example>Metabase</example>
|
2888
|
+
<param pos="0" name="service.vendor" value="Metabase"/>
|
2889
|
+
<param pos="0" name="service.product" value="Metabase"/>
|
2890
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
|
2891
|
+
</fingerprint>
|
2892
|
+
|
2738
2893
|
</fingerprints>
|
data/xml/http_cookies.xml
CHANGED
@@ -49,6 +49,15 @@
|
|
49
49
|
<param pos="0" name="service.product" value="Dynamo"/>
|
50
50
|
</fingerprint>
|
51
51
|
|
52
|
+
<fingerprint pattern="^Bugzilla_login_request_cookie=.*">
|
53
|
+
<description>Bugzilla</description>
|
54
|
+
<example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
|
55
|
+
<param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
|
56
|
+
<param pos="0" name="service.vendor" value="Mozilla"/>
|
57
|
+
<param pos="0" name="service.product" value="Bugzilla"/>
|
58
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
59
|
+
</fingerprint>
|
60
|
+
|
52
61
|
<fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
|
53
62
|
<description>BEA WebLogic (with timestamp)</description>
|
54
63
|
<param pos="1" name="cookie"/>
|
@@ -165,6 +174,15 @@
|
|
165
174
|
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
166
175
|
</fingerprint>
|
167
176
|
|
177
|
+
<fingerprint pattern="^DokuWiki=.*">
|
178
|
+
<description>Dokuwiki</description>
|
179
|
+
<example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
|
180
|
+
<param pos="0" name="cookie" value="DokuWiki"/>
|
181
|
+
<param pos="0" name="service.vendor" value="Dokuwiki"/>
|
182
|
+
<param pos="0" name="service.product" value="Dokuwiki"/>
|
183
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
|
184
|
+
</fingerprint>
|
185
|
+
|
168
186
|
<fingerprint pattern="^(EktGUID|ecm)=.*">
|
169
187
|
<description>Ektron CMS400.net</description>
|
170
188
|
<param pos="1" name="cookie"/>
|
@@ -184,6 +202,15 @@
|
|
184
202
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
185
203
|
</fingerprint>
|
186
204
|
|
205
|
+
<fingerprint pattern="^i_like_gogits=.*">
|
206
|
+
<description>Gogs</description>
|
207
|
+
<example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
|
208
|
+
<param pos="0" name="cookie" value="i_like_gogits"/>
|
209
|
+
<param pos="0" name="service.vendor" value="Gogs"/>
|
210
|
+
<param pos="0" name="service.product" value="Gogs"/>
|
211
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
212
|
+
</fingerprint>
|
213
|
+
|
187
214
|
<fingerprint pattern="^(BigIPCookie)=.*">
|
188
215
|
<description>F5 BIG-IP LTM</description>
|
189
216
|
<param pos="1" name="cookie"/>
|
@@ -193,6 +220,25 @@
|
|
193
220
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
194
221
|
</fingerprint>
|
195
222
|
|
223
|
+
<fingerprint pattern="^i_like_gitea=.*">
|
224
|
+
<description>Gitea</description>
|
225
|
+
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
226
|
+
<param pos="0" name="cookie" value="i_like_gitea"/>
|
227
|
+
<param pos="0" name="service.vendor" value="Gitea"/>
|
228
|
+
<param pos="0" name="service.product" value="Gitea"/>
|
229
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
230
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
|
231
|
+
</fingerprint>
|
232
|
+
|
233
|
+
<fingerprint pattern="^_gitlab_session=.*">
|
234
|
+
<description>GitLab</description>
|
235
|
+
<param pos="0" name="cookie" value="_gitlab_session"/>
|
236
|
+
<param pos="0" name="service.vendor" value="GitLab"/>
|
237
|
+
<param pos="0" name="service.product" value="GitLab"/>
|
238
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
239
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
|
240
|
+
</fingerprint>
|
241
|
+
|
196
242
|
<fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
|
197
243
|
<description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
|
198
244
|
<param pos="1" name="cookie"/>
|
@@ -296,6 +342,16 @@
|
|
296
342
|
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
297
343
|
</fingerprint>
|
298
344
|
|
345
|
+
<fingerprint pattern="^phsid=.*">
|
346
|
+
<description>Phabricator</description>
|
347
|
+
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
348
|
+
<param pos="0" name="cookie" value="phsid"/>
|
349
|
+
<param pos="0" name="service.vendor" value="Phacility"/>
|
350
|
+
<param pos="0" name="service.family" value="Phabricator"/>
|
351
|
+
<param pos="0" name="service.product" value="Phabricator"/>
|
352
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
353
|
+
</fingerprint>
|
354
|
+
|
299
355
|
<fingerprint pattern="^(RMID)=.*">
|
300
356
|
<description>RealMedia OpenAdStream</description>
|
301
357
|
<param pos="1" name="cookie"/>
|
@@ -342,6 +398,15 @@
|
|
342
398
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
343
399
|
</fingerprint>
|
344
400
|
|
401
|
+
<fingerprint pattern="^_redmine_session=.*">
|
402
|
+
<description>Redmine</description>
|
403
|
+
<example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
|
404
|
+
<param pos="0" name="cookie" value="_redmine_session"/>
|
405
|
+
<param pos="0" name="service.vendor" value="Redmine"/>
|
406
|
+
<param pos="0" name="service.product" value="Redmine"/>
|
407
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:redmine:redmine:-"/>
|
408
|
+
</fingerprint>
|
409
|
+
|
345
410
|
<fingerprint pattern="^(gx_session_id|JROUTE)=.*">
|
346
411
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
347
412
|
<param pos="1" name="cookie"/>
|
@@ -375,6 +440,16 @@
|
|
375
440
|
<param pos="0" name="service.product" value="Urchin Tracking Module"/>
|
376
441
|
</fingerprint>
|
377
442
|
|
443
|
+
<fingerprint pattern="vxoaSessionID=">
|
444
|
+
<description>Silver Peak Appliance</description>
|
445
|
+
<example>vxoaSessionID=s%3A2650cfe1df092fc617d229d6d6b5dbfc.70yKRpb371czAWFkZWXdNfCSNexQvtiVr%2B3Z51YXbIw; Path=/; HttpOnly; Secure</example>
|
446
|
+
<example>vxoaSessionID=s%3A65e39ce7ae15193cb4bb0f812d20105b.qgHrgV4MtPKWeKwBrfynmxZmn5iaegh%2FRP0nV5ntaE8; Path=/; HttpOnly; Secure</example>
|
447
|
+
<example>vxoaSessionID=s%3A7e17300953b68c4713990a01bd00aa2b.5mg3edagZCkddCmWqMXbp4AOEzTVby6K2z2jfhal7Uw; Path=/; HttpOnly; Secure</example>
|
448
|
+
<param pos="0" name="hw.vendor" value="Silver Peak"/>
|
449
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
450
|
+
<param pos="0" name="hw.product" value="SD-WAN"/>
|
451
|
+
</fingerprint>
|
452
|
+
|
378
453
|
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
|
379
454
|
<description>Vignette</description>
|
380
455
|
<param pos="1" name="cookie"/>
|
@@ -399,6 +474,16 @@
|
|
399
474
|
<param pos="0" name="service.product" value="WebTrends"/>
|
400
475
|
</fingerprint>
|
401
476
|
|
477
|
+
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=.*">
|
478
|
+
<description>Zimbra</description>
|
479
|
+
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
480
|
+
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
481
|
+
<param pos="1" name="cookie"/>
|
482
|
+
<param pos="0" name="service.vendor" value="Synacor"/>
|
483
|
+
<param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
|
484
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
485
|
+
</fingerprint>
|
486
|
+
|
402
487
|
<fingerprint pattern="^(_ZopeId)=.*">
|
403
488
|
<description>Zope</description>
|
404
489
|
<param pos="1" name="cookie"/>
|
data/xml/http_servers.xml
CHANGED
@@ -2,6 +2,23 @@
|
|
2
2
|
<fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
|
3
3
|
<!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
|
4
4
|
|
5
|
+
<fingerprint pattern="^BASHttpd/([\d.]+)">
|
6
|
+
<description>BASHttpd</description>
|
7
|
+
<example service.version="4.3.24">BASHttpd/4.3.24-release</example>
|
8
|
+
<param pos="0" name="service.product" value="bashttpd"/>
|
9
|
+
<param pos="0" name="service.vendor" value="Avleen Vig"/>
|
10
|
+
<param pos="1" name="service.version"/>
|
11
|
+
</fingerprint>
|
12
|
+
|
13
|
+
<fingerprint pattern="^monit ([\d.]+)$">
|
14
|
+
<description>Monit</description>
|
15
|
+
<example service.version="5.6">monit 5.6</example>
|
16
|
+
<param pos="0" name="service.vendor" value="Tildeslash"/>
|
17
|
+
<param pos="0" name="service.product" value="Monit"/>
|
18
|
+
<param pos="1" name="service.version"/>
|
19
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:tildeslash:monit:{service.version}"/>
|
20
|
+
</fingerprint>
|
21
|
+
|
5
22
|
<fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
|
6
23
|
<description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
|
7
24
|
<example service.version="220.68">AirTunes/220.68</example>
|
@@ -1785,9 +1802,13 @@
|
|
1785
1802
|
<param pos="0" name="os.vendor" value="NetApp"/>
|
1786
1803
|
<param pos="0" name="os.family" value="Data ONTAP"/>
|
1787
1804
|
<param pos="0" name="os.product" value="Data ONTAP"/>
|
1788
|
-
<param pos="0" name="os.device" value="File Server"/>
|
1789
1805
|
<param pos="1" name="os.version"/>
|
1806
|
+
<param pos="0" name="os.device" value="NAS"/>
|
1790
1807
|
<param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
|
1808
|
+
<param pos="0" name="hw.vendor" value="NetApp"/>
|
1809
|
+
<param pos="0" name="hw.family" value="Data ONTAP"/>
|
1810
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
1811
|
+
<param pos="0" name="hw.product" value="Data ONTAP"/>
|
1791
1812
|
</fingerprint>
|
1792
1813
|
|
1793
1814
|
<fingerprint pattern="^BlueCoat-Security-Appliance$">
|
@@ -2372,6 +2393,15 @@
|
|
2372
2393
|
<param pos="2" name="python.version"/>
|
2373
2394
|
</fingerprint>
|
2374
2395
|
|
2396
|
+
<fingerprint pattern="^Grandstream (GXP[^\s]+) ([\d\.]+)$">
|
2397
|
+
<description>Grandstream IP Phone</description>
|
2398
|
+
<example hw.product="GXP2020" hw.version="1.2.5.3">Grandstream GXP2020 1.2.5.3</example>
|
2399
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
2400
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
2401
|
+
<param pos="2" name="hw.version"/>
|
2402
|
+
<param pos="1" name="hw.product"/>
|
2403
|
+
</fingerprint>
|
2404
|
+
|
2375
2405
|
<fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
|
2376
2406
|
<description>Apache variant for web access to HP printers.</description>
|
2377
2407
|
<example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
|
@@ -4171,6 +4201,66 @@
|
|
4171
4201
|
<param pos="2" name="python.version"/>
|
4172
4202
|
</fingerprint>
|
4173
4203
|
|
4204
|
+
<fingerprint pattern="^pve-api-daemon/[\d.]+">
|
4205
|
+
<description>Proxmox api daemon</description>
|
4206
|
+
<example>pve-api-daemon/3.0</example>
|
4207
|
+
<param pos="0" name="service.vendor" value="Proxmox"/>
|
4208
|
+
<param pos="0" name="service.product" value="Proxmox"/>
|
4209
|
+
<param pos="0" name="os.vendor" value="Proxmox"/>
|
4210
|
+
<param pos="0" name="os.family" value="Linux"/>
|
4211
|
+
<param pos="0" name="os.product" value="Proxmox"/>
|
4212
|
+
</fingerprint>
|
4213
|
+
|
4214
|
+
<fingerprint pattern="^Cherokee/([\d.]+) \(Debian\)$">
|
4215
|
+
<description>Cherokee Web Server - Debian variant</description>
|
4216
|
+
<example service.version="1.2.104">Cherokee/1.2.104 (Debian)</example>
|
4217
|
+
<param pos="0" name="service.vendor" value="Cherokee Project"/>
|
4218
|
+
<param pos="0" name="service.product" value="Cherokee"/>
|
4219
|
+
<param pos="1" name="service.version"/>
|
4220
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
|
4221
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
4222
|
+
<param pos="0" name="os.product" value="Linux"/>
|
4223
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
4224
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
4225
|
+
</fingerprint>
|
4226
|
+
|
4227
|
+
<fingerprint pattern="^Cherokee/([\d.]+) \(Ubuntu\)$">
|
4228
|
+
<description>Cherokee Web Server - Ubuntu variant</description>
|
4229
|
+
<example service.version="1.2.104">Cherokee/1.2.104 (Ubuntu)</example>
|
4230
|
+
<param pos="0" name="service.vendor" value="Cherokee Project"/>
|
4231
|
+
<param pos="0" name="service.product" value="Cherokee"/>
|
4232
|
+
<param pos="1" name="service.version"/>
|
4233
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
|
4234
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
4235
|
+
<param pos="0" name="os.product" value="Linux"/>
|
4236
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
4237
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
4238
|
+
</fingerprint>
|
4239
|
+
|
4240
|
+
<fingerprint pattern="^Cherokee/([\d.]+) \(Gentoo Linux\)$">
|
4241
|
+
<description>Cherokee Web Server - Gentoo variant</description>
|
4242
|
+
<example service.version="1.2.104">Cherokee/1.2.104 (Gentoo Linux)</example>
|
4243
|
+
<param pos="0" name="service.vendor" value="Cherokee Project"/>
|
4244
|
+
<param pos="0" name="service.product" value="Cherokee"/>
|
4245
|
+
<param pos="1" name="service.version"/>
|
4246
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
|
4247
|
+
<param pos="0" name="os.vendor" value="Gentoo"/>
|
4248
|
+
<param pos="0" name="os.product" value="Linux"/>
|
4249
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
4250
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
|
4251
|
+
</fingerprint>
|
4252
|
+
|
4253
|
+
<fingerprint pattern="^Cherokee(?:/([\d.]+))?(?: \(UNIX\))?$">
|
4254
|
+
<description>Cherokee Web Server</description>
|
4255
|
+
<example>Cherokee</example>
|
4256
|
+
<example service.version="0.2.7">Cherokee/0.2.7</example>
|
4257
|
+
<example service.version="1.2.101">Cherokee/1.2.101 (UNIX)</example>
|
4258
|
+
<param pos="0" name="service.vendor" value="Cherokee Project"/>
|
4259
|
+
<param pos="0" name="service.product" value="Cherokee"/>
|
4260
|
+
<param pos="1" name="service.version"/>
|
4261
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cherokee-project:cherokee:{service.version}"/>
|
4262
|
+
</fingerprint>
|
4263
|
+
|
4174
4264
|
<!-- This is a version of ACME mini_httpd where the value 'mini_httpd' has been
|
4175
4265
|
replaced with a UUID in the Server header AND body of the response. It
|
4176
4266
|
is likely vendor or product specific.
|
@@ -4186,4 +4276,33 @@
|
|
4186
4276
|
<param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
|
4187
4277
|
</fingerprint>
|
4188
4278
|
|
4279
|
+
<fingerprint pattern="^Unspecified, UPnP/[\d\.]+, Unspecified$">
|
4280
|
+
<description>UPNP server</description>
|
4281
|
+
<example>Unspecified, UPnP/1.0, Unspecified</example>
|
4282
|
+
<param pos="0" name="service.family" value="UPnP"/>
|
4283
|
+
</fingerprint>
|
4284
|
+
|
4285
|
+
<fingerprint pattern="^WNR2000v([0-9]) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
|
4286
|
+
<description>Netgear WNR2000v5 Router UPnP</description>
|
4287
|
+
<example hw.version="5" service.version="1.0">WNR2000v5 UPnP/1.0 miniupnpd/1.0</example>
|
4288
|
+
<param pos="1" name="hw.version"/>
|
4289
|
+
<param pos="2" name="service.version"/>
|
4290
|
+
<param pos="0" name="service.vendor" value="Netgear"/>
|
4291
|
+
<param pos="0" name="service.family" value="UPnP"/>
|
4292
|
+
<param pos="0" name="service.product" value="MiniUPnP"/>
|
4293
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
4294
|
+
<param pos="0" name="hw.product" value="WNR2000"/>
|
4295
|
+
<param pos="0" name="hw.device" value="Router"/>
|
4296
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:netgear:wnr2000:{hw.version}"/>
|
4297
|
+
</fingerprint>
|
4298
|
+
|
4299
|
+
<fingerprint pattern="^ev-compat$">
|
4300
|
+
<description>PELCO CAMERA DEVICE</description>
|
4301
|
+
<example>ev-compat</example>
|
4302
|
+
<param pos="0" name="service.vendor" value="Pelco"/>
|
4303
|
+
<param pos="0" name="service.family" value="UPnP"/>
|
4304
|
+
<param pos="0" name="hw.vendor" value="Pelco"/>
|
4305
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
4306
|
+
</fingerprint>
|
4307
|
+
|
4189
4308
|
</fingerprints>
|